/**
 * 
 */
package com.ssm.util.security;

import java.io.IOException;
import java.util.Set;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;

/**
 * 
 * @author 危文涛<245108903@qq.com>
 * @version 2016年2月28日 下午10:41:46
 *
 */
public class RolesOrAuthorizationFilter extends RolesAuthorizationFilter {
	
	@Override
	public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws IOException {
		
		Subject subject = getSubject(request, response);
        String[] rolesArray = (String[]) mappedValue;
        if (rolesArray == null || rolesArray.length == 0) {
            //no roles specified, so nothing to check - allow access.
            return false;
        }

        Set<String> roles = CollectionUtils.asSet(rolesArray);
        boolean isPass=false;
        for(String role:roles)
        {
        	if(subject.hasRole(role)==true)
        	{	
        		isPass=true;
        		break;
        	}
        }
        return isPass;
       
	}

}
